i have been noticing a short connection burst in system monitor every time i connect to internet. i got curious and decided to run wireshark to see what was happening. seems that i am connecting to 96.195.141.178 with destination of "PartedMagic". this seemed strange because i do not have PartedMagic installed, so i ran a 'whois' check. this is what it showed: IP Location United States United States Pittsburgh Comcast Cable Communications Llc ASN United States AS7922 COMCAST-7922 - Comcast Cable Communications, Inc.,US (registered Feb 14, 1997) Resolve Host m001dd684d074.pitt1.pa.comcast.net Whois Server whois.arin.net IP Address 96.195.141.178 NetRange: 96.192.0.0 - 96.223.255.255 CIDR: 96.192.0.0/11 NetName: COMCAST-VOIP-4 NetHandle: NET-96-192-0-0-1 Parent: NET96 (NET-96-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Comcast Cable Communications, LLC (CCCS) is this something for concern? if so, what is/are best way/s to track this down? any and all help / suggestions are much needed and appreciated. thank you. -- peace out. in a world with out fences, who needs gates. tc,hago. g .
On Wed, Dec 3, 2014 at 5:49 AM, g <geleem at bellsouth.net> wrote:> i have been noticing a short connection burst in system monitor every > time i connect to internet. > > i got curious and decided to run wireshark to see what was happening. > > seems that i am connecting to 96.195.141.178 with destination of > "PartedMagic". > > this seemed strange because i do not have PartedMagic installed, so > i ran a 'whois' check.> this is what it showed: > > IP Location United States United States Pittsburgh > Comcast Cable Communications Llc > ASN United States AS7922 COMCAST-7922 > - Comcast Cable Communications, Inc.,US > (registered Feb 14, 1997) > Resolve Host m001dd684d074.pitt1.pa.comcast.net > Whois Server whois.arin.net > IP Address 96.195.141.178 > NetRange: 96.192.0.0 - 96.223.255.255 > CIDR: 96.192.0.0/11 > NetName: COMCAST-VOIP-4 > NetHandle: NET-96-192-0-0-1 > Parent: NET96 (NET-96-0-0-0-0) > NetType: Direct Allocation > OriginAS: > Organization: Comcast Cable Communications, LLC (CCCS) > > is this something for concern? >Maybe. A bit odd since that's assigned as Comcast VOIP and not a static customer block.> > if so, what is/are best way/s to track this down? >I'd dump the traffic with tcpdump or wireshark and analyze it. What type of traffic is it? (transport layer protocol, as well as application protocol -- ex: HTTP is TCP port 80) Are there any DNS queries that happen prior to the spike? Use wireshark to capture them and that might give a clue. You could also use nethogs to diagnose and determine what program is causing the spike. nethogs.sourceforge.net -- ---~~.~~--- Mike // SilverTip257 //
On 12/03/2014 11:12 AM, SilverTip257 wrote: <>> Maybe. > A bit odd since that's assigned as Comcast VOIP and not a > static customer block.this is true.> I'd dump the traffic with tcpdump or wireshark and analyze it.i have a text file saved. see below which "save as" form should be used to reload into wireshark without loss of information?> What type of traffic is it? > (transport layer protocol, as well as application protocol > -- ex: HTTP is TCP port 80)see below.> Are there any DNS queries that happen prior to the spike? > Use wireshark to capture them and that might give a clue.see below.> You could also use nethogs to diagnose and determine what program is > causing the spike. > nethogs.sourceforge.netwill have to install. *BELOW* i should have done this before posting. :-( i loaded wireshark text file to: pastebin.com/rCU0CC10 -- peace out. in a world with out fences, who needs gates. tc,hago. g .
On 12/03/2014 04:49 AM, g wrote: <> my bad. :-( to SilverT257 and Mark Mihollan, thank you for responding. my "chemo brain" gets forgetful. i am taking system offline after sending this and will run wireshark again to see if there is anything different. thanks again. -- peace out. in a world with out fences, who needs gates. tc,hago. g .
new paste at; pastebin.com/rCU0CC10 hopeful this will give better info and answers. thanks again to respondents. -- peace out. in a world with out fences, who needs gates. tc,hago. g .
On 12/3/2014 1:53 PM, g wrote:> new paste at; > > pastebin.com/rCU0CC10 > > hopeful this will give better info and answers. > > thanks again to respondents.again, wireshark is, for some unknown reason, calling that 00:0f:fe:8f:8f:23 MAC address "PartedMagic", this MAC is associated with the IP 192.168.1.144 other than wireshark's odd name for this host, I see nothing wrong here. Does in fact the system with that IP have that MAC ? if so, everything is normal, that system is apparently connecting to secure.informaction.com -- john r pierce 37N 122W somewhere on the middle of the left coast